Re: Limiting user access to .tmpl files
This WebDNA talk-list message is from 1997
It keeps the original formatting.
>I am new to WebCatalog, and need some clarification on user access. It
>seems to me that if I have ANY customer write-access to my site at all,
>the customer can upload a .tmpl file and then run it. They would be able
>to do any WebDNA actions at all, e.g. changing a database that is not in
>their realm.
>
>Am I missing something?

Yes, you are missing something.

In the docs, and also in the admin interface, it explains that you can use WebCatalog folder hierarchy security to keep WebCat2 from processing any files outside the WebCatalog folder hierarchy. Therefore, if you must allow FTP access to your site, just don't allow FTP access to your WebCat folders, and you will NEVER have a security problem like the one you're imagining.

WebCat2 will NOT serve files outside the WebCat2 folder hierarchy unless you set the prefs to allow it to do so ... :)

Sincerely, Ken Grome
WebDNA Solutions
Associated Messages, from the most recent to the oldest:
Kenneth Grome